Superseded by libgd2 - 2.2.5-5.1+ubuntu16.04.1+deb.sury.org+1
Published
Changelog
libgd2 (2.2.5-5+ubuntu16.04.1+deb.sury.org+1) xenial; urgency=medium
* No-change backport to xenial
libgd2 (2.2.5-5) unstable; urgency=medium
* Update Vcs-* links to salsa.d.o
* Update maintainers address to <email address hidden> (Closes: #899928)
* Remove Files-Excluded from d/copyright, the files just inherit the
global license (Closes: #883760)
libgd2 (2.2.5-4.1) unstable; urgency=medium
* Non-maintainer upload.
* Potential infinite loop in gdImageCreateFromGifCtx (CVE-2018-5711)
(Closes: #887485)
* bmp: check return value in gdImageBmpPtr (CVE-2018-1000222)
(Closes: #906886)
* Remove src/Makefile.am patching in
tests-make-a-little-change-for-autopkgtest.patch. Fixes "libgd2 FTBFS:
cannot find -lgd".
Thanks to Helmut Grohne and Adrian Bunk (Closes: #906840)
libgd2 (2.2.5-4) unstable; urgency=medium
[ Jiří Paleček ]
* Disable the test during build and run the testsuite through autopkgtest
(Closes: #867003)
* Make --as-needed work again
[ Ondřej Surý ]
* Get rid of libgd2*-dev traces (Closes: #879254)
libgd2 (2.2.5-3) unstable; urgency=medium
* Disable gdimagerotate/bug00067 because it FTBFS on i386
libgd2 (2.2.5-2) unstable; urgency=medium
* Fix OOB read due to crafted GD/GD2 images
* Disable gdimagecopyresampled/bug00201 that makes some platforms FTBFS
libgd2 (2.2.5-1) unstable; urgency=high
* New upstream version 2.2.5
+ [CVE-2017-6362]: Double-free in gdImagePngPtr().
+ [CVE-2017-7890]: Buffer over-read into uninitialized memory.
* Update d/watch for the github releases
* Refresh patches for the 2.2.5 release
libgd2 (2.2.4-2) unstable; urgency=medium
* Apply correct patch on tiff_invalid_read
libgd2 (2.2.4-1) unstable; urgency=medium
* New upstream version 2.2.4
* Rebase patches on top of libgd-2.2.4 release
* Disable tiff/tiff_invalid_read test
libgd2 (2.2.3-87-gd0fec80-3) unstable; urgency=medium
* Disable tests/gdimagegrayscale as it breaks the 32-bit builds
libgd2 (2.2.3-87-gd0fec80-2) unstable; urgency=medium
* [CVE-2016-6911]: Fix invalid read in gdImageCreateFromTiffPtr()
(Closes: #840806)
libgd2 (2.2.3-87-gd0fec80-1) unstable; urgency=medium
* Imported Upstream version 2.2.3-87-gd0fec80
+ [CVE-2016-8670]: Stack Buffer Overflow in GD dynamicGetbuf
+ [CVE-2016-6911]: invalid read in gdImageCreateFromTiffPtr()
+ [CVE-2016-7568]: Integer overflow in gdImageWebpCtx
(Closes: #840805, #840806, #839659)
* Refresh patches on top of git snapshot 2.2.3-87-gd0fec80
* Replace -dbg with -dbgsym packages
* Disable php_bug_72339 that has overflow constant
* Fix error: ISO C99 requires at least one argument for the "..." in a variadic macro
libgd2 (2.2.3-3) unstable; urgency=medium
* Initialize error in tests/gd2/gd2_read.c
libgd2 (2.2.3-2) unstable; urgency=medium
* Remove the failing test from the test suite rather than juggling with
architecture tests (Closes: #832390)
libgd2 (2.2.3-1) unstable; urgency=medium
* Imported Upstream version 2.2.3
libgd2 (2.2.2-43-g22cba39-2) unstable; urgency=medium
* Use DEB_HOST_ARCH instead of DEB_HOST_GNU_CPU to detect i386
(Closes: #832390)
libgd2 (2.2.2-43-g22cba39-1) unstable; urgency=medium
* Imported Upstream version 2.2.2-43-g22cba39
* Don't fail on failed tests to fix i386 FTBFS
* Add default debian rules include to skip checking tests only on i386
libgd2 (2.2.2-29-g3c2b605-1) unstable; urgency=medium
* Imported Upstream version 2.2.2-29-g3c2b605
+ [CVE-2016-5766]: Fix Integer Overflow in _gd2GetHeader() resulting in
heap overflow (Closes: #829014)
+ [CVE-2016-6128]: Fix invalid color index not handled, can lead to
crash (Closes: #829062)
+ [CVE-2016-6161]: Add upstream patch to fix gif: avoid out-of-bound
reads of masks array
+ [CVE-2016-6132]: Fix out-of-bounds read in the parsing of TGA files
(Closes: #829694)
+ [CVE-2016-6214]: Fix out-of-bounds read found in TGA
+ Fix another out-of-bounds read in read_image_tga (upstream #248)
* Remove patches merged upstream
libgd2 (2.2.1-1) unstable; urgency=medium
[ Salvatore Bonaccorso ]
* Imported Debian patch 2.1.1-4.1
[ Ondřej Surý ]
* Imported Upstream version 2.2.0
* Delete obsolete patches
* Don't install obsolete gdlib-config
* [CVE-2015-8874]: Stack consumption vulnerability in GD allows remote
attackers to cause a denial of service via a crafted imagefilltoborder
call
* Build with libwebp-dev instead of old libvpx-dev
* Initialize full_filename in tests/gdimagefile/gdnametest.c
* Imported Upstream version 2.2.1
* CVE-2015-8874 is now fixed in the upstream release
libgd2 (2.1.1-4.1) unstable; urgency=high
* Non-maintainer upload (with Ondrej's approval directly uploaded)
* CVE-2016-3074: Signedness vulnerability causing heap overflow
(Closes: #822242)
-- Ondřej Surý <email address hidden> Mon, 29 Oct 2018 05:08:47 +0000